ICO call for views on a direct marketing code of practice 


CO. 


lntormation Commissioner's Office 


It is important that organisations ensure their marketing activities are compliant with data 
protection legislation (the General Data Protection Regulation and Data Protection Act 2018) 
and, where necessary, the Privacy and Electronic Communications Regulations 2003 (PECR). 


The new code of practice will build on our current direct marketing guidance and address the 
aspects of the new legislation relevant to direct marketing such as transparency and lawful 
bases for processing, as well as covering the rules on electronic marketing (for example 
emails, text messages, phone calls) under PECR. 


The European Union is in the process of replacing the current e-privacy law (and therefore 
PECR) with a new ePrivacy Regulation (ePR). However the new ePR is yet to be agreed and 
there is no certainty about what the final rules will be. Because of this we intend for the 
direct marketing code to only cover the current PECR rules until the ePR is agreed. Once the 
ePR is finalised and the UK position in relation to it is clear we will produce an updated 
version of the code which takes this into account as appropriate. 


Please send us your views by 24 December 2018. 


Privacy statement 


For this call for views we will publish responses received from organisations but will remove 
any personal data before publication. We will not publish responses from individuals. For 
more information about what we do with personal data please see our privacy notice. 


Q1 


Q2 


Q3 


Q4 


Q5 


Q6 


The code will address the changes in data protection legislation and the implications 
for direct marketing. What changes to the data protection legislation do you think we 
should focus on in the direct marketing code? 


There is still a lot of uncertainty around the use of bought in lists and how this 
interacts with consent under the GDPR, as well as when legitimate interests and 
consent can or should be used. In particular, i see a lot of people misapplying these 
issues when conducting, or wanting to conduct, business to business marketing as 
they believe they only apply to Business to Consumer marketing (even though PECR 
says differently!) 


Apart from the recent changes to data protection legislation are there other developments 
that are having an impact on your organisation’s direct marketing practices that you think 
we should address in the code? 


Yes 


[¥] No 


If yes please specify 


We are planning to produce the code before the draft ePrivacy Regulation (ePR) is agreed. 
We will then produce a revised code once the ePR becomes law. Do you agree with this 
approach? 


Yes 


No 


If no please explain why you disagree 


Is the content of the ICO’s existing direct marketing guidance relevant to the marketing that 
your organisation is involved in? 


Yes 


No 


Q7 If no what additional areas would you like to see covered? 


Q8 Is it easy to find information in our existing direct marketing guidance? 


Yes 


No 


Q9 Ifno, do you have any suggestions on how we should structure the direct marketing code? 


Q10 Please provide details of any case studies or marketing scenarios that you would like 
to see included in the direct marketing code. 


More examples of how to share data for direct marketing purposes in a compliant 
way 


Q11 Do you have any other suggestions for the direct marketing code? 
n/a 


About you: 


Q12 Are you answering these questions as: 
a public sector worker 
a private sector worker 
a third or voluntary sector worker 
a member of the public 
a representative of a trade association 
a data subject 
an ICO employee 


other 
If you answered other, please specify: 


Q13 Please provide the name of the organisation that you are representing: 
Cox Automotive UK 


Q14 We may want to contact you about some of the points you have raised. If you are 
happy for us to do this please provide your email address: 


o coxauto.co.uk 


